The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual...more
1/30/2019
/ Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Liquidated Damages ,
Personal Data ,
Personally Identifiable Information ,
Standing ,
Statutory Violations
The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual...more
1/29/2019
/ Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Facial Recognition Technology ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Liquidated Damages ,
Personal Data ,
Personally Identifiable Information ,
Standing ,
Statutory Violations
Since the General Data Protection Regulation (“GDPR”) took effect on May 25, 2018, US companies without facilities or employees in Europe have struggled to understand the extraterritorial scope of the GDPR....more
12/3/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
11/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Employment Litigation ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
One of the most bedeviling aspects of data privacy and security law concerns the concept of “reasonable” data security, which has become the default statutory and common law standard. The FTC began articulating a...more
Just as many US businesses were scrambling to meet GDPR compliance, California quickly passed a broad new privacy act, giving businesses another privacy compliance headache. We’ve previously blogged on the dramatic history...more
Today the EU General Data Protection Regulation (GDPR) goes into effect, ending the data protection landscape as we know it. This comprehensive privacy law applies directly to the 28 EU countries and companies established in...more
5/25/2018
/ Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more
5/4/2017
/ Article 29 Working Party (WP29) ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Electronic Protected Health Information (ePHI) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Hospitals ,
International Data Transfers ,
Personal Data ,
Popular ,
Telecommunications
The EU General Data Protection Regulation (GDPR), which takes effect in May 2018, will require companies to reassess their mechanisms for obtaining, tracking, and verifying individuals' consent. Companies will need clear and...more
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
The European Parliament has voted to adopt the draft text of the General Data Protection Regulation (GDPR), which imposes enhanced requirements on organizations processing personal data in the European Union and transferring...more
The European Commission (EC) has released details of the EU-U.S. Privacy Shield, a new framework under which personal data may be transferred from the European Union (EU) to the United States. The Privacy Shield replaces the...more
The Judicial Redress Act (Act), signed into law on February 24, 2016, by President Obama, extends the privacy protections offered to U.S. citizens under the Privacy Act of 1974 to citizens of ''covered countries'' overseas....more
The European Commission (EC) and the U.S. Department of Commerce have reached an agreement to create a framework for transfers of personal data from the European Union to the United States. The framework, named the EU-U.S....more
Three bills that will update California’s data breach notification requirements have been signed into law by Governor Jerry Brown. The bills impose specific requirements on providing breach notification to consumers, add a...more
10/20/2015
/ Automatic License Plate Readers ,
Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Encryption ,
Hackers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Posting Requirements ,
Privacy Laws ,
Surveillance
The Court of Justice of the European Union (CJEU) has held that the EU Commission's decision establishing the Safe Harbor data transfer framework is invalid because the Commission failed to determine that the protection...more
10/8/2015
/ Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
In a landmark decision that threatens to undo the process by which American companies handle personal data flowing from the European Union, the Advocate General (AG) of the European Court of Justice (ECJ) issued an advisory...more
10/1/2015
/ Advocate General ,
Better Business Bureau ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Edward Snowden ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
National Security Agency (NSA) ,
Personal Data ,
PRISM Program ,
Safe Harbors ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework